CVE-2024-8656
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-8656 identifies a vulnerability in the WPFactory Helper plugin for WordPress that affects all versions up to and including 1.7.0, allowing for Reflected Cross-Site Scripting (XSS). This flaw arises from the improper use of the add_query_arg function without adequate URL escaping, enabling unauthenticated attackers to inject malicious scripts into web pages if users are tricked into clicking on a link. The vulnerability has an exploitability score of 2.8 and is rated as medium severity, requiring user interaction for exploitation. To remediate this issue, organizations should update to version 1.7.1 or later of the WPFactory Helper plugin. If left unaddressed, this vulnerability poses a risk of compromising user data and potentially enabling further attacks within an organization's network.
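Added example, not code from the WPFactory Helper plugin or from this advisory: a heuristic Python audit script that flags add_query_arg() and remove_query_arg() calls whose result is not nested inside esc_url() or esc_url_raw(), the pattern the summary describes. The PHP sample and the name find_unescaped_query_arg_calls are constructed for illustration, and each match is a candidate for manual review rather than a confirmed finding.

```python
import re

# Constructed PHP sample; NOT code from the WPFactory Helper plugin.
SAMPLE_PHP = r'''<?php
echo '<a href="' . add_query_arg( 'tab', 'general' ) . '">General</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'general' ) ) . '">General</a>';
$next = remove_query_arg( 'paged' );
wp_safe_redirect( esc_url_raw( add_query_arg( 'done', '1' ) ) );
printf( '<form action="%s">', add_query_arg( array( 'step' => 2 ) ) );
'''

# WordPress functions that build a URL from the current request and return it unescaped.
SOURCES = {"add_query_arg", "remove_query_arg"}
# Wrappers accepted as escaping (esc_url for output, esc_url_raw for redirects).
ESCAPERS = {"esc_url", "esc_url_raw"}

# Tokens: quoted strings (skipped), "name(" calls, bare "(", and ")".
TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|([A-Za-z_]\w*)\s*\(|(\()|(\))""",
    re.S,
)

def find_unescaped_query_arg_calls(php_source):
    """Return (line, function) for each source call not nested in an escaper."""
    findings, stack = [], []          # stack holds the names of the open calls
    for m in TOKEN.finditer(php_source):
        name, bare_open, close = m.groups()
        if name:
            if name in SOURCES and not ESCAPERS.intersection(stack):
                line = php_source.count("\n", 0, m.start()) + 1
                findings.append((line, name))
            stack.append(name)
        elif bare_open:
            stack.append("")          # grouping parenthesis, not a call
        elif close and stack:
            stack.pop()
    return findings

if __name__ == "__main__":
    for line, name in find_unescaped_query_arg_calls(SAMPLE_PHP):
        print(f"line {line}: {name}() result is not wrapped in esc_url()")
```

The scanner does not parse PHP comments or track variables, so a value assigned on one line and escaped at output later is still reported and needs to be checked by hand.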